IETF Logo Mail Archive

Re: [Endymail] Hashes of key as addresses

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 29 August 2014 02:02 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4079E1A0290 for <endymail@ietfa.amsl.com>; Thu, 28 Aug 2014 19:02:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.621
X-Spam-Level:
X-Spam-Status: No, score=0.621 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wMCbwVZJm8Co for <endymail@ietfa.amsl.com>; Thu, 28 Aug 2014 19:02:36 -0700 (PDT)
Received: from mail-lb0-x236.google.com (mail-lb0-x236.google.com [IPv6:2a00:1450:4010:c04::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D4C31A0275 for <endymail@ietf.org>; Thu, 28 Aug 2014 19:02:33 -0700 (PDT)
Received: by mail-lb0-f182.google.com with SMTP id u10so1849660lbd.13 for <endymail@ietf.org>; Thu, 28 Aug 2014 19:02:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=Ckzs5ilItIz3jm0J575jdwiqkKq1gODjU7ocpIf9a7o=; b=tvgfuD2qFC6azVcaItCkND82+GIqlcR9BDgVqXmIFZlSZlmpEgSnw/B5D8XITVd4jO wv1ShIIHZoVlPKQEJU747QIyXOUhQ88s+TOndm4KlZiVwMF/tYS3XVBif2aKVFIgj4sV ahHQYBTQOVYs98EHAM2XSWxDzqXvjOOH/Gz6RCigSkRmTd1C29XXCr1WNJihWGJE4NTz n3ZTJ6Kft4Qm1JgQsrPmQ1iWsgNcoABplSHOG41Ar7gs2yoMgxwaovUhmav23uHmzuQk 8SC9GwPoL/6OaZm1BMwdy+WVJz6YNFjYPxH5hI+XNlakWxOMQ4ZgUyFNEsMRhvWnVXt7 3ZPg==
MIME-Version: 1.0
X-Received: by 10.112.8.99 with SMTP id q3mr7823821lba.85.1409277751591; Thu, 28 Aug 2014 19:02:31 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.122.50 with HTTP; Thu, 28 Aug 2014 19:02:31 -0700 (PDT)
In-Reply-To: <20140829013416.GA27739@vegoda.org>
References: <CAMm+LwimhUi5uZAgm9erYtMJ9-o6+x__344TwKH4-Pa_-mckfg@mail.gmail.com> <20140829013416.GA27739@vegoda.org>
Date: Thu, 28 Aug 2014 22:02:31 -0400
X-Google-Sender-Auth: 9V291Ec-04Ai9WwP2xSoug3jrMY
Message-ID: <CAMm+LwhY3bfp7+FLeakwg9NEX7aJz-vtGs-+moNh8H9Lr7fWVQ@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Leo Vegoda <leo@vegoda.org>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/v26C6tPENWfqVrYZq0rc-6uSNH0
Cc: endymail <endymail@ietf.org>
Subject: Re: [Endymail] Hashes of key as addresses
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>, <mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>, <mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Aug 2014 02:02:39 -0000

On Thu, Aug 28, 2014 at 9:34 PM, Leo Vegoda <leo@vegoda.org> wrote:
> On Thu, Aug 28, 2014 at 07:23:20PM -0400, Phillip Hallam-Baker wrote:
>
> [...]
>
>> Now obviously nobody is going to want to read out a strong email
>> address over the phone. But if we have the right discovery
>> infrastructure in place they don't need to.
>
> Can you please expand on this point? I think that if this is solved
> then public key information would be far easier but that without it
> we'll really struggle to communicate the secure form of an e-mail
> address.

Well first off, this is obviously an area where there are likely to be
many ideas. So this is not something I want to weld into the client
right now. The proper place therefore for the capability would be in a
Web Service. In the past I worked on XKMS with Stephen and others. But
these days curly brackets are more fashionable than angle braces so I
think we want to go for a JSON service.

I have two specs defining an interface to the services:

1) OmniPublish: A Web service used by the key holder to manage their
keys. So this is the interface to the key publication mechanism,
notarization, certification, recovery and similar services.

2) OmniQuery: A Web service used by a party wanting to establish a
connection to an Internet end point which may be a Service or an
account.

These are both designed to support a broad spectrum of uses. But as it
turns out end to end email turns out to be the hardest security
problem to solve and so pretty much all the features are used.

[Links to all this stuff is on prismproof.org]


These specifications are designed to be as generic as possible and not
make constraining assumptions. But for there to be a system there
obviously needs to be some sort of infrastructure that takes the
information published though OmniPublish, processes it in some fashion
and delivers it on request in response to an OmniQuery.

As I said, I think there will be many ideas and this is a good thing.
But lets get one thing straight, lets make it so anyone who has a good
idea on how to join the two interfaces up just needs to write that
part of the code and not have to write their own email clients to test
it out.

The idea of OmniQuery is that it is a Web Service that acts like a
meta-directory on steroid. The OmniQuery broker can obtain the
information it returns in any way that makes sense.



So that said, here are some examples of how the two can be connected:

1) CA based certificate issue

CA issued email certs don't address every use case. In particular they
don't address use cases where the trust relationships are
non-hierarchical. But that does not change the fact that we have about
5 million users of S/MIME, most of whom work in organizations that are
hierarchical and issued certificates accordingly.

There have been many proposals for directories that map domains to
certificate servers. And an OmniQuery broker could acquire information
through those sources.


2) Certificate Transparency Notary Service

Lets say that a self-signed certificate is generated and published to
some party that enrolls it in a CT notary log and the log is public
and the OmniQuery service reads the log. The OmniQuery service now has
raw material that it could use to respond to key queries.


3) Combination of 1 and 2.

Lets say I set up a CT service for self signed email certs. Given that
Comodo offers free email certs, why not return them a freebie cert so
that they can use their S/MIME mail to sign mail?

Alternatively, won't a party running a log want to verify that a
request comes from the actual holder of the email address? If so they
will act like a CA even if they don't have all the process, audits
etc.


4) Web of Trust.

I really can't do justice to this here but the brief version is that
the PGP Web of Trust is a crock because it does not scale. But add in
a CT notary type service and a small number of CA validated links and
suddenly you get a Web of Trust that is stronger than either the PKIX
or Web of Trust model on its own.

[Been talking about this for several months BTW].

v2.8.7 | Report a Bug | By Email